HD
Sign In

PRIVACY POLICY

Last updated: April 17, 2026

1. Overview

This Privacy Policy describes how Martin Digital Assets, LLC ("we") collects, uses, and shares personal information when you use HeavyDutyShops.com (the "Service"). By using the Service, you consent to the data practices described here.

2. Information We Collect

Account information — When you register, we collect your name, email address, and password (stored as a salted hash). If you sign up via Google, we receive your Google account email, name, and profile picture URL.

Business listing information — For business owners, we collect business name, address, phone, email, website, hours, services, brands, pricing, fleet details, and photos you upload.

Payment information — For paid subscriptions, card details are tokenized by Authorize.net's Customer Information Manager (CIM). We never see or store raw card numbers — only the CIM customer profile ID. Merchant-account processing fees are calculated from Authorize.net settlement reports.

Reviews and content — The text of reviews, ratings, and tags you submit.

Usage analytics — We log page views, searches, phone-click, direction-click, website-click, message, and save events on business listings. We may store a hashed IP address and user-agent string to detect abuse.

Cookies — We use HTTP-only session cookies for authentication (provided by Supabase Auth). No third-party advertising cookies are set by the Service.

3. How We Use Information

  • Provide and operate the directory and account features.
  • Send transactional emails (verification, password reset, receipts).
  • Verify business claims via phone or email.
  • Calculate and charge monthly subscription and merchant-account processing fees.
  • Aggregate analytics to improve search, match driver needs to shops, and report listing performance to business owners.
  • Detect, prevent, and respond to abuse, fraud, and security threats.
  • Comply with legal obligations.

4. Third-Party Services

We share data with the following processors, only to the extent needed for them to provide their service:

  • Supabase — authentication, database, file storage, and auth email delivery.
  • Authorize.net — card tokenization, subscription billing, and merchant-account gateway.
  • Resend — transactional email delivery (receipts, notifications).
  • Google — if you sign in via Google OAuth, authentication flows through Google's servers.
  • Vercel — hosting and application delivery.
  • POS Outlet — for users enrolled in merchant-account services.

We do not sell personal information. We do not share personal information with advertisers or data brokers.

5. Data Retention

We retain account data for as long as your account is active. Reviews are retained indefinitely even if your account is deleted, but with your name anonymized to "Former User". Payment records are retained for 7 years to meet tax and accounting obligations. Analytics event data is retained in aggregate indefinitely and at the per-event level for 24 months.

6. Your Rights

You have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate information via your dashboard.
  • Delete your account and associated data. Contact us at the address below; we will complete deletion within 30 days.
  • Export your data in a machine-readable format on request.
  • Opt out of marketing emails. Transactional emails (receipts, password resets, billing) cannot be opted out of while your account is active.

California residents have additional rights under the CCPA. EU and UK residents have additional rights under the GDPR. We extend these rights to all users where practical.

7. Children's Privacy

The Service is intended for users 18 years and older. We do not knowingly collect personal information from children. If you believe we have collected information from a child, contact us and we will delete it.

8. Security

We use industry-standard measures to protect data in transit (TLS) and at rest (encrypted database storage; payment tokens). Gateway credentials and other secrets are encrypted at the database level usingpgp_sym_encrypt. No system is perfectly secure — if we become aware of a breach affecting your data, we will notify you in accordance with applicable law.

9. International Data Transfers

The Service is hosted in the United States. If you access it from outside the U.S., your information will be transferred to and processed in the U.S. By using the Service, you consent to this transfer.

10. Changes to This Policy

We may update this policy from time to time. Material changes will be announced via email to registered users or prominent notice on the homepage. The "Last updated" date above indicates when the current version took effect.

11. Contact

Privacy questions, data access requests, or account deletion requests:

Martin Digital Assets, LLC
Email: privacy@heavydutyshops.com